Below, I have attached papers that best display my cyber knowledge throughout my time at ODU studying cybersecurity. <\/p>\n\n\n\n
Policy Analysis Paper <\/strong><\/p>\n\n\n\n Isaas Lozada <\/p>\n\n\n\n CYSE 425W <\/p>\n\n\n\n Dr.Mehr <\/p>\n\n\n\n 9\/21\/25<\/p>\n\n\n\n A Cybersecurity policy is the foundation of a company\u2019s defense strategy against outside threats like malicious hackers or even internal threats such as an employee. This policy that is put into practice is best to protect an organization\u2019s digital information from being corrupted or intercepted. Some examples of extreme damage from these attacks could result in monetary loss, legal battles, damage to reputation, and even bankruptcy. The reason these policies exist in the workplace is to set a standard. Everyone at the company must adhere to these rules and follow them to the exact detail, this ensures equal fault amongst all employees. These policies establish clear guidelines not only to ensure protection of internal security but these policies also promote an organization’s commitment to cybersecurity. Customers, Business owners, investors, they all pay attention to how a company protects their crucial digital information, having that safety net of a policy in place boosts trust within a company. <\/p>\n\n\n\n Many times these policies cover a range of topics, some examples would include how to properly \u201cBring your own device\u201d or guidelines on how employees can spot and avoid threats. However, some policies require grave attention, these policies are referred to as \u201cStand Alone\u201d policies. A \u201cStand Alone\u201d policy that is essential to a company\u2019s success and absolutely required would be the \u201cIncident Response\u201d policy. This policy details all the right moves for a company to make when responding,reporting, or responding to a cyber threat. This policy also details how a company should properly report and also document what occurred during that \u201cincident\u201d. <\/p>\n\n\n\n This policy is extremely important because it acts as an umbrella in terms of defense, against several disasters that could occur to a company. A prime example of a threat that would be encountered during the “incident” phase would be Ransomware. Ransomware is a malicious malware that would hold a company\u2019s computer \u201chostage\u201d until they provide a ransom. IBM reported that twenty percent of all network attacks were a direct use of ransomware, this data solidified that Ransomware is a real threat and amongst the most popular rising attacks used in recent times. <\/p>\n\n\n\n Social engineering is also a huge threat that is covered under the incident response policy. The most prominent threat under social engineering is known as \u201cPhishing\u201d. Phish attacks are usually an impersonation of a trusted individual by a hacker with the intent of manipulating an employee into leaking sensitive information, downloading malware, and even transfer of financials. The Incident Response policy is put in place to halt these attacks. A typical incident Response policy has four main steps, those steps are detection, reporting, response, and documentation. <\/p>\n\n\n\n The first step being detection is crucial, this step identifies the threat and what exactly is being attacked. Directly after identifying the threat, the threat must be reported to the response team, these reports include where the attack happened and the specific time. This is the \u201cresponse\u201d portion of the defense strategy, the response team will identify the threat and then rapidly work on neutralizing the threat. After neutralizing the threat, the final step is to document what had occurred during the incident. The documentation should report all findings and serve as a guide to instruct the proper strategies that should be used for current attacks as well as future attacks.<\/p>\n\n\n\n References <\/strong><\/p>\n\n\n\n NIKE, Inc. 10-K Cybersecurity GRC – 2024-07-25<\/em>. (2024, July 25). Board-Cybersecurity.com. https:\/\/www.board-cybersecurity.com\/annual-reports\/tracker\/20240725-nike-inc-cybersecurit y-10k\/ <\/p>\n\n\n\n Wadhwa, P. (2023, December 10). Why is Cyber Incident Reporting Important? (Complete Process)<\/em>. Sprinto. https:\/\/sprinto.com\/blog\/cybersecurity-incident-reporting\/ Fortinet. (2025). What Is Incident Response? Process & 6 Step Plan<\/em>. Fortinet. https:\/\/www.fortinet.com\/resources\/cyberglossary\/incident-response<\/p>\n\n\n\n Fortinet. (2025). What Is Incident Response? Process & 6 Step Plan. Fortinet. Political Effects On A Policy Analysis Paper <\/strong><\/p>\n\n\n\n Isaas Lozada <\/p>\n\n\n\n CYSE 425W <\/p>\n\n\n\n Dr.Mehr <\/p>\n\n\n\n 9\/21\/25<\/p>\n\n\n\n Incident response policy is an organization\u2019s number one defense strategy when it comes to technical documents that regard a cyber crisis. All business organizations must have an incident response policy, it is not a choice but a requirement. However, this strategy often drags more attention than needed, these policies have deep political foundations rooted within them. An incident response policy is a political document. The policy always forces decisions that deal with power, blame, money and communication. <\/p>\n\n\n\n The first and most crucial step to an incident response policy is to establish who is the head of the table, who calls the \u201cshots\u201d at the top of the chain of command. This portion of the policy starts the “hierarchy” process for an organization. When an organization appoints a head of command, they typically refer to high intelligence positions that are known as a \u201cCISO\u201d. A CISO stands for Chief Information Security Officer, these positions are the pinnacle of trust at the senior executive level. They usually have the highest form of authority over all departments, they also deal with changes of leadership across departments as well. These decisions can lead to conflict, they make real time changes that may ruffle the feathers of other executives. These decisions usually create a political \u201cminefield\u201d that the CISO has to navigate through to ensure that the right changes are being made without creating division. <\/p>\n\n\n\n The CISO has the most power and that comes with a lot of responsibility. The CISO analyzes the entire incident at hand and determines how to properly defend against current cyber threats and future threats. During the investigation process the CISO must determine who was at \u201cfault\u201d. This accountability that the CISO has to follow through with is not only stressful but also extremely political. The accusation of a department at fault never runs over smoothly, some departments may use the policy’s language as a tool or scapegoat to push the blame onto others. This makes the investigation process for a CISO extremely difficult due to the political influence that \u201cclouds\u201d over the analysis. <\/p>\n\n\n\n Incident Response policy\u2019s political nature does not just halt after dictating who was at fault. The policy also has to deal with the financial aspect of an incident that an organization faces as well. The budget after an incident for repairs, legal fees, fines, and even forensic consultants all contribute to the political background of an Incident Response policy. The policy must determine where a majority of all the funds are allocated within an organization. This can cause division because other departments may find anger with the decision, causing a conflict between the IT leadership and Financial leadership. Typically, every department head will argue their beliefs on why their department should receive the most funds over other departments. Prioritization is the solution that the incident response policy enforces when these hardships arise. This portion of the incident response policy is extremely political because it enforces the necessity of each department, which always results in the political priorities of one department over another.<\/p>\n\n\n\n References <\/strong><\/p>\n\n\n\n Cybersecurity and Infrastructure Security Agency. (2023). Cybersecurity Incident Response | CISA<\/em>. Cybersecurity and Infrastructure Security Agency CISA. https:\/\/www.cisa.gov\/topics\/cybersecurity-best-practices\/organizations-and-cyber-safety\/cybersecurity-incident-response <\/p>\n\n\n\n Policies & Priorities<\/em>. (n.d.). Www.cio.gov. <\/p>\n\n\n\n https:\/\/www.cio.gov\/policies-and-priorities\/cybersecurity\/ Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government<\/em>. (2016, July 28). Department of Homeland Security. https:\/\/www.dhs.gov\/publication\/cyber-incident-reporting-unified-message-reporting-federal-government<\/p>\n\n\n\n\n\n\n\n The Social Implications Of Security Awareness Training <\/strong><\/p>\n\n\n\n Isaas Lozada<\/p>\n\n\n\n Old Dominion University<\/p>\n\n\n\n CYSE 425W<\/p>\n\n\n\n Dr.Mehr<\/p>\n\n\n\n 12\/1\/25 <\/p>\n\n\n\n The Social Implications Of Security Awareness Training<\/strong><\/p>\n\n\n\n Current society\u2019s cybersecurity has transformed from what was once considered a “technical” problem into a social vulnerability. The core factor behind the development of strategies like Security Awareness Training is that hackers target employees, not just the technology. The best way to break into an established network is by taking advantage of human trust through phishing attacks and social engineering (Spitzner, 2023). This is solid evidence that lapses in the human element is the core source as to why security breaches required a shift in policy, transitioning away from a strictly technical defense and towards methods that directly address human behavior. However, the success of this strategy is entirely dependent on the social culture and behaviour demonstrated within a company.<\/p>\n\n\n\n Implementing a Security Awareness Training policy can also come with extreme social consequences. The results will rely on the execution of the policy, either generating a positive culture of encouragement or a negative culture based on fear. If a company\u2019s mindset is one that focuses directly on punishment, the policy will have detrimental social consequences. Realistic phishing scenarios will be viewed as shameful exercises, and employees that fail will be made to feel embarrassed. This will certainly develop a culture that is based on terror and secrecy, which will cause employees to stash their mistakes to avoid fault, allowing hackers to remain inside the network for a longer duration than necessary (Karyda, 2007). In contrast, if the policy is intended as a tool for support and education, it generates a positive and influential social culture of encouragement, turning employees from vulnerabilities into a driven \u201chuman firewall.\u201d<\/p>\n\n\n\n The assessment of this policy\u2019s societal impact is based on my Cybersecurity Culture Maturity Model, which evaluates how a company\u2019s security culture molds the policy\u2019s effectiveness. The model\u2019s levels are Clueless, Compliant, Security-Aware, and Security Resilient. Each level represents where a company\u2019s culture should be categorized. A company that falls under the \u201cCompliant\u201d level is one where the policy has little importance and is viewed as a \u201cchore\u201d for compliance. On the other hand, a company that values the policy to establish a sense of a unified duty to defend, will have its culture leap to the \u201csecurity-aware\u201d level with the goal of becoming \u201cSecurity Resilient,\u201d where security is a shared priority across the company, not just a chore to complete (Collard et al., 2024).<\/p>\n\n\n\n
https:\/\/www.fortinet.com\/resources\/cyberglossary\/incident-response<\/p>\n\n\n\n\n\n\n\nAn Analysis On The Political Effects Of A Policy Paper <\/h2>\n\n\n\n
A Paper On The Social Implications Of Security Awareness Training<\/h2>\n\n\n\n